Update all non-major dependencies

[joecorall]

This PR contains the following updates:

Package	Update	Change
apache-activemq	patch	5.18.5 -> 5.18.6
apache-log4j	minor	2.23.1 -> 2.24.3
apache-log4j	minor	2.22.0 -> 2.24.3
apache-solr	minor	9.5.0 -> 9.7.0
custom-composer	patch	2.8.2 -> 2.8.4
solr-ocrhighlighting	patch	0.9.0 -> 0.9.1

---

Release Notes

apache/activemq (apache-activemq)

v5.18.6

Compare Source

apache/logging-log4j2 (apache-log4j)

v2.24.3: 2.24.3

Compare Source

Release Notes

This release fixes two minor bugs.

• Fix ConcurrentModificationException, if multiple threads modify loggers concurrently.
  This bug affects users that modify logger levels programmatically. (#​3234)
• Protects PropertiesUtil against property sources that call PropertiesUtil recursively.
  In some cases such a property source can even cause deadlocks. (#​3252)

v2.24.2: 2.24.2

Compare Source

Release Notes

This release fixes a critical bug in Log4j API initialization code, which can cause LogManager.getLogger() to return null under certain conditions. See #​3143 for details.

Fixed

• Fix key removal issues in Thread Context (#​3048)
• Use hard references to Loggers in LoggerRegistry. (#​3143)
• Fix ArrayIndexOutOfBoundsException in JSON Template Layout truncated exception resolver (#​3216)

v2.24.1: 2.24.1

Compare Source

This release contains mainly bug fixes of problems encountered with the thread context map, logger registry and configuration reloading.

It also enhances integration tests to use Docker images of the most recent releases of MongoDB and Elastic Search.

Changed

• Rework LoggerRegistry to make it MessageFactory-namespaced.
  This effectively allows loggers of same name, but different message factory. (#​2936)
• Enable Docker-based tests in CI for JSON Template Layout (#​2953)

Fixed

• Switch MongoDB tests to use Docker. (#​2229)
• Fix reloading of the configuration from an HTTP(S) source (#​2937)
• Fix putAll() in the default thread context map implementation (#​2942)

Updated

• Update org.apache.logging:logging-parent to version 11.3.0

v2.24.0: 2.24.0

Compare Source

The 2.24.0 version of Log4j API has been enhanced with changes from the 3.x branch and will be used by both Log4j 2 Core and Log4j 3 Core releases. The changes include:

• A faster default ThreadContextMap.
• Enhanced GraalVM support: native binaries that use Log4j API will no longer require additional GraalVM configuration.
• The configuration properties subsystem now only accepts the official pre-2.10 property names and the normalized post-2.10 names.
  Check your configuration for typos.

Documentation

The Apache Log4j 2 website has been almost entirely rewritten to provide improved documentation and faster access to the information you need.

Bridges

The JUL-to-Log4j API and Log4j 1-to-Log4j API bridges will no longer be able to modify the configuration of Log4j Core by default.
If such a functionality is required, it must be explicitly enabled.

Modules

The following Log4j Core additional modules have been removed:

• log4j-flume-ng
  The module is no longer part of the release process and will follow its own release lifecycle.
  Please manage your dependencies using log4j-bom to always use its latest version.

• log4j-kubernetes
  The module has been moved to the Fabric8.io Kubernetes project and follows the Fabric8.io release lifecycle.

• log4j-mongodb3
  The module based on MongoDB Java client version 3.x has been removed.
  Please migrate to log4j-mongodb (client version 5.x) or log4j-mongodb4 (client version 4.x).

JMX changes

Starting in version 2.24.0, JMX support is disabled by default and can be re-enabled via the log4j2.disableJmx=false system property.

Added

• Add a faster DefaultThreadContextMap implementation. (#​2330)
• Add Logback throwable-consuming semantics as an option inlog4j-slf4j-impl and log4j-slf4j2-impl.
  Users can enable it by setting the property log4j2.messageFactory to org.apache.logging.slf4j.message.ThrowableConsumingMessageFactory. (#​2363)

• Add trace context fields to GcpLayout.json (#​2498)
• Add "Plugin Reference" to the website. It is a Javadoc-on-steroids focusing on Log4j plugins. (#​1954)
• Automate website deployment using the new CI infrastructure shipped with org.apache.logging:logging-parent:11.0.0

Changed

• Fix usage of log4j-api in GraalVM without additional reachability data. (#​1539)
• Ignore exceptions thrown by PropertySources. (Spirng-33450)
• Add logging to PropertiesUtil and fix Duration parser. (#​1936)
• Disable level modification via JUL by default. (#​2353)
• Centralize initialization in the Provider class and deprecate log4j2.loggerContextFactory property. (#​2374)
• Remove log4j-kubernetes lookup. User should migrate to io.fabric8:kubernetes-log4j. (#​2412)
• Disable JMX support by default. Require log4j2.disableJmx to be set to false to enable JMX support. (#​2462)
• Replace some usages of DateTimeFormatter#toString() with DateTimeFormatter#formatTo(StringBuilder) to cut down on allocations
  (#​2515)
• Disable programmatic configuration in Log4j 1 Bridge if log4j1.compatibility is false. (#​2778)
• Improve missing plugin descriptor warnings. (#​2835)
• Remove configuration properties caching and (undocumented) fuzzy property name matching. (#​2849)
• Fixes property source ordering to account for different sources with the same priority. (LOG4J2-3618)
• Prioritize user-defined values of log4j2.enableThreadLocals,log4j2.garbagefreeThreadContextMap and log4j2.shutdownHookEnabled
  over the value of log4j.isWebapp. (#​2517)
• Disallow duplicate keys in JSON Template Layout templates
• Deprecate log4j2.defaultStatusLevel property in Log4j Core in favor of log4j2.statusLoggerLevel (#​2481)
• Add module log4j-mongodb to track the current MongoDB driver (currently version 5). (#​2486)
• Remove module log4j-mongodb3, use log4j-mongodb instead, log4j-mongodb4 is deprecated for removal. (#​2486)

Deprecated

• Deprecate Message#getFormat() due to unclear semantics andinconsistent implementations (#​2773)
• Deprecate org.apache.logging.log4j.EventLogger for removal (#​2665)
• Deprecate org.apache.logging.log4j.core.appender.rolling.action.Duration class for removal (#​2425)
• Deprecate the log4j-mongodb4 module in favor of log4j-mongodb (#​2486)

Fixed

• Use FQDN in RFC5424 Layout. (#​1740)
• Fix custom thread-context data provider handling in lookups and filters. (#​2331)
• Fix handling of log4j2.messageFactory and log4j2.flowMessageFactory properties (#​2505)
• Discard blank keys in PropertiesUtil (#​2414)
• Fix handling of log4j2.debug. (#​2703)
• Fix location requirement for the %F and %file keys in Pattern Layout (#​2781)
• Fix JsonLayout failure under JPMS. (#​2814)
• Fix empty string handling for TruncatingBufferedWriter (#​2609)
• Fix that parameterized message formatting throws an exception when there are insufficient number of parameters. It previously simply
  didn't replace the '{}' sequence. The behavior changed in 2.21.0 and should be restored for backward compatibility. (#​2380)
• Fix ClassCastException in LMAX Disruptor 3 initialization (#​2768)
• Fix requirement on the java.management module when JMX is disabled, which is the default (#​2775)
• Website is migrated to Antora with several formatting and link fixes (#​2427)

Removed

• Move Flume Appender to its own release lifecycle. (#​2902)

Updated

• Update com.fasterxml.jackson:jackson-bom to version 2.17.2 (#​2719)
• Update com.github.luben:zstd-jni to version 1.5.6-5 (#​2901)
• Update commons-codec:commons-codec to version 1.17.1 (#​2741)
• Update commons-logging:commons-logging to version 1.3.4 (#​2864)
• Update github/codeql-action to version 3.25.1 (#​2483)
• Update io.fabric8:docker-maven-plugin to version 0.45.0 (#​2776)
• Update org.apache.cassandra:cassandra-all to version 3.11.17 (#​2479)
• Update org.apache.commons:commons-compress to version 1.27.1 (#​2869)
• Update org.apache.commons:commons-csv to version 1.11.0 (#​2565)
• Update org.apache.commons:commons-lang3 to version 3.17.0 (#​2907)
• Update org.apache.kafka:kafka-clients to version 3.8.0 (#​2777)
• Update org.apache.logging:logging-parent to version 11.2.0
• Update org.eclipse.jetty:jetty-bom to version 9.4.55.v20240627 (#​2709)
• Update org.jctools:jctools-core to version 4.0.5 (#​2637)
• Update log4j-mongodb4 org.mongodb:* from 4.11.1 to 4.11.2 (#​2409)
• Update org.mongodb:bson to version 5.1.3 (#​2823)
• Update org.slf4j:slf4j-api to version 2.0.16 (#​2829)
• Update org.springframework:spring-framework-bom to version 5.3.39 (#​2840)

apache/solr (apache-solr)

v9.7.0

Compare Source

v9.6.1

Compare Source

v9.6.0

Compare Source

composer/composer (custom-composer)

v2.8.4

Compare Source

• Fixed exit code of the audit command not being meaningful (now 1 for vulnerabilities and 2 for abandoned, 3 for both) (#​12203)
  • Fixed issue on plugin upgrade when it defines multiple classes (#​12226)
  • Fixed duplicate errors appearing in the output depending on php settings (#​12214)
  • Fixed InstalledVersions returning duplicate data in some instances (#​12225)
  • Fixed installed.php sorting to be deterministic (#​12197)
  • Fixed bump-after-update failing when using inline constraints (#​12223)
  • Fixed create-project command to now disable symlinking when used with a path repo as argument (#​12222)
  • Fixed validate --no-check-publish to hide publish errors entirely as they are irrelevant (#​12196)
  • Fixed audit command returning a failing code when composer audit fails as this should not trigger build failures, but running audit as standard part of your build is probably a terrible idea anyway (#​12196)
  • Fixed curl usage to disable multiplexing on broken versions when proxies are in use (#​12207)

v2.8.3

Compare Source

• Fixed windows handling of process discovery (#​12180)
  • Fixed react/promise requirement to allow 2.x installs again (#​12188)
  • Fixed some issues when lock:false is set in require and bump commands

dbmdz/solr-ocrhighlighting (solr-ocrhighlighting)

v0.9.1: : Solr 9.7 compatibility, fixes

Compare Source

Changed

• During indexing, we now only need a single pass through the input files, instead of
  two, this is in preparation for the S3 storage backend, where we don't have the luxury
  of relying on a page cache to paper over our inefficencies.

Fixed

• Fix bug that resulted in missed matches during highlighting (#​442, thanks @​schmika!)
• Fix bug that resulted in incomplete reads from the input file under some circumstances (#​441, thanks @​schmika!)
• Compatibility with Solr 9.7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nigelgbanks]

Looks, like the format of the branch names breaks the build process, I'll see if I can sort it out.

[joecorall]

@nigelgbanks - I think it's fixed with https://github.com/Islandora-Devops/isle-buildkit/pull/363/files branchPrefix. I'm re-running renovate now which I think will close this PR and open a new one